JVNDB-2007-000802

Lotus Domino cross-site scripting vulnerability

Overview

IBM Lotus Domino contains a cross-site scripting vulnerability.

IBM Lotus Domino is server software for Lotus Notes, groupware from IBM.
Lotus Domino contains a cross-site scripting vulnerability.

CVSS Severity

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

IBM Corporation
  • IBM Domino (formerly IBM Lotus Domino) 6.0.X
  • IBM Domino (formerly IBM Lotus Domino) 6.5.X
  • IBM Domino (formerly IBM Lotus Domino) 7.0.X

Impact

An attacker could execute an arbitrary script on the web browser of a user who accesses a Lotus Domino server.

Solution

[Update the Software]
For Lotus Domino 6.5.X and 7.0.X users:
Apply the latest updates provided by the vendor.

Latest updates:
Lotus Domino 6.5.6 Fix Pack 2 (FP2)
Lotus Domino 7.0.2 Fix Pack 2 (FP2)
Lotus Domino 7.0.3
Lotus Domino 8.0

For Lotus Domino 6.0.X users:

As of April 30, 2007, IBM has announced that Lotus Notes and Domino version 6.0.X is no longer supported. The vendor recommends that users of versions prior to Lotus Domino 6.5.X upgrade to version 6.5.X or later.

For more information, refer to the vendor's website.

Vendor Information

IBM Corporation

CWE

  1. Cross-site Scripting (CWE-79) [NVD Evaluation]

CVE

  1. CVE-2007-5924

References

  1. JVN : JVN#84565055
  2. National Vulnerability Database (NVD) : CVE-2007-5924
  3. Secunia Advisory : SA27509
  4. SecurityFocus : 26298
  5. FrSIRT Advisories : FrSIRT/ADV-2007-3700

Revision History

  • [2008/05/21]
      Web page published